package com.kuang.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @program: springboot07shiro
 * @description:    shiro配置类
 * @author: 陈恩涛
 * @create: 2020-10-29 21:51
 **/

@Configuration
public class ShiroConfig {

    //第三步：ShiroFilterFactoryBean
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();

        //设置安全管理器
        //关联DefaultWebSecurityManager
        bean.setSecurityManager(defaultWebSecurityManager);

        //添加shiro的内置过滤器
        /*
        *  anon:无需认证即可访问
        *  authc:必须认证了才能访问
        *  user:必须拥有记住我功能才能访问
        *  perms：拥有对某个资源的权限才能访问
        *  role:拥有某个角色权限才能访问
        *
        * */

        //登录拦截
        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

        //授权,正常情况下，没有授权会跳转到未授权页面
        filterChainDefinitionMap.put("/user/add","perms[user:add]");
        filterChainDefinitionMap.put("/user/update","perms[user:update]");

        filterChainDefinitionMap.put("/user/*","authc");

        bean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        //设置登录的请求
        bean.setLoginUrl("/toLogin");

        //未授权的页面
        bean.setUnauthorizedUrl("/noauth");

        return bean;
    }

    //第二步：DefaultWebSecurityManager
    //形参userRealm会先使用@Autowired规则寻找，找不到则遵循@Qualifier注解。
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){

        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(userRealm);

        return securityManager;
    }

    //第一步：创建Realm对象,需要自定义
    @Bean
    public UserRealm userRealm(@Qualifier("credentialsMatcher") HashedCredentialsMatcher credentialsMatcher){

        UserRealm userRealm = new UserRealm();
        //将自定义的令牌Set到Realm
        userRealm.setCredentialsMatcher(credentialsMatcher);
        return userRealm;
    }


    /*
     *方法描述： 配置加密方式  MD5盐值加密
     *
     * @param
     * @return org.apache.shiro.authc.credential.HashedCredentialsMatcher
     * @author chenentao
     * @date 2020/10/31 7:07
     */
    @Bean
   public HashedCredentialsMatcher credentialsMatcher(){
       HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();

       //设置属性值
       //设置加密算法
       matcher.setHashAlgorithmName("MD5");

       //设置加密次数
       matcher.setHashIterations(1024);

       //是否存储为16进制  trur:加密用的hex编码，false用的base64编码
       matcher.setStoredCredentialsHexEncoded(true);

       return matcher;
   }

   //整合thymeleaf shiroDialect:用来整合Shiro   thymeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }

}
